Cisco CallManager Cross-Site Scripting Vulnerability

Bugtraq ID: 18504
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Jun 19 2006 12:00AM
Updated: Jun 20 2006 08:10PM
Credit: Jake Reynolds of FishNet Security is credited with the discovery of this vulnerability.
Vulnerable: Cisco Call Manager 4.1 (3)SR2
Cisco Call Manager 4.1 (3)SR1
Cisco Call Manager 4.1 (3)ES32
Cisco Call Manager 4.1 (3)ES24
Cisco Call Manager 4.1 (3)ES07
Cisco Call Manager 4.1 (2)ES55
Cisco Call Manager 4.1 (2)ES50
Cisco Call Manager 4.1 (2)ES33
Cisco Call Manager 4.0 (2a)SR2c
Cisco Call Manager 4.0 (2a)SR2b
Cisco Call Manager 4.0 (2a)ES62
Cisco Call Manager 4.0 (2a)ES56
Cisco Call Manager 4.0 (2a)ES40
Cisco Call Manager 4.0
Cisco Call Manager 3.3 (5)SR1a
Cisco Call Manager 3.3 (5)ES30
Cisco Call Manager 3.3 (5)ES24
Cisco Call Manager 3.3 (5)
Cisco Call Manager 3.3 (4)ES25
Cisco Call Manager 3.3 (3)ES61
Cisco Call Manager 3.3 (3)
Cisco Call Manager 3.3
Cisco Call Manager 3.2
+ Cisco VoIP Phone 7902G 0
+ Cisco VoIP Phone 7905G 0
+ Cisco VoIP Phone 7912G 0
Cisco Call Manager 3.1 (3a)
Cisco Call Manager 3.1 (2)
Cisco Call Manager 3.1
Not Vulnerable: Cisco Call Manager 4.3(1)
Cisco Call Manager 4.2(3)
Cisco Call Manager 4.1(3)SR4
Cisco Call Manager 3.3(5)SR3


 

Privacy Statement
Copyright 2010, SecurityFocus